Newly Patched IE Flaw Already Being Exploited

Attackers are already exploiting a critical remote code execution vulnerability in Internet Explorer that Microsoft released a patch for Tuesday.

The fact that exploit code is in the wild and being used by attackers makes it especially urgent that Microsoft customers immediately apply Microsoft Security Bulletin MS05-054.

The bulletin is a cumulative security update for Internet Explorer and includes fixes for three other new vulnerabilities. One of those flaws is also critical, but it was not publicly disclosed before Microsoft released the security bulletin.

Both of the critical flaws are even critical for Windows XP Service Pack 2. Often, patches that are critical for other platforms are less severe on SP2. Customers running IE 6 on Windows Server 2003 only face a moderate threat from the two critical flaws, according to Microsoft's bulletin.

MS05-054 is one of two security bulletins Microsoft released Tuesday as part of its monthly security patching cycle. The other bulletin, MS05-055, has a maximum severity of important, one step below critical on Microsoft's threat scale. That patch fixes a flaw in the Windows kernel that could allow an elevation of privilege.

Microsoft also re-released MS05-050 on Tuesday to revise versions of the update for Windows 2000 SP4, Windows XP SP1 and Windows Server 2003.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • The 2021 Microsoft Product Roadmap

    From Windows 10X to the next generation of Microsoft's application server products, here are the product milestones coming down the pipeline in 2021.

  • After High-Profile Attacks, Biden Calls for Better Software Security

    Recent high-profile security attacks have prompted the Biden administration to issue an executive order aiming to tighten software security practices across the board.

  • With Hybrid Networks on Rise, Microsoft Touts Zero Trust Security

    Hybrid networks, which combine use of cloud services with on-premises software, require a "zero trust" security approach, Microsoft said this week.

  • Feds Advise Orgs on How To Block Ransomware Amid Colonial Pipeline Attack

    A recent ransomware attack on a U.S. fuel pipeline company has put a spotlight on how "critical infrastructure" organizations can prevent similar attacks.